﻿using System;
using System.Linq;
using System.Threading;
using System.Web.Mvc;
using System.Web.Routing;
using Turquoise.Core.Entities;
using Turquoise.Globalization;

namespace Turquoise.Web.Common.Security
{
    [AttributeUsage(AttributeTargets.Method)]
    public class TurquoiseSecurityAttribute : ActionFilterAttribute
    {
        private int[] Roles { get; }
        public TurquoiseSecurityAttribute(params int[] roles)
        {
            Roles = roles;
        }
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var identity = (TurquoiseIdentity)Thread.CurrentPrincipal.Identity;
            if (!identity.IsAuthenticated)
            {
                if (identity.UserId > 0)
                {
                    var routeValueDictionary = new RouteValueDictionary
                    {
                        {"controller", "Redirection"},
                        {"action", "RedirectAction"},
                        {"message", Resources.NotPermission},
                        {"cssClass", "alert alert-danger"},
                        {"timeout", 2},
                        {"url", "/User/Login"}
                    };
                    filterContext.Result = new RedirectToRouteResult(routeValueDictionary);
                }
                else
                {
                    var routeValueDictionary = new RouteValueDictionary
                    {
                        {"controller", "User"},
                        {"action", "Login"}
                    };
                    filterContext.Result = new RedirectToRouteResult(routeValueDictionary);
                }
            }
            base.OnActionExecuting(filterContext);
        }

        public override void OnActionExecuted(ActionExecutedContext filterContext)
        {
            var identity = (TurquoiseIdentity)Thread.CurrentPrincipal.Identity;
            var isAuthenticated = false;
            if (identity.IsAuthenticated)
            {
                if (Roles.Length > 0)
                {
                    if (identity.UserRoles.Any(userRole => Roles.Contains(userRole)))
                    {
                        isAuthenticated = true;
                    }
                }
                else
                {
                    isAuthenticated = true;
                }
            }
            if (!isAuthenticated)
            {
                filterContext.Result = new RedirectToRouteResult(
                   new RouteValueDictionary
                   {
                       { "controller", "Redirection"},
                       { "action", "RedirectAction"},
                       { "message", Resources.NotPermission},
                       { "cssClass", "alert alert-danger"},
                       { "timeout", 2},
                       { "url", "/User/Login"}
                   });
            }
            base.OnActionExecuted(filterContext);
        }
    }
}